• Home
• News
  • Business Continuity News
  • Regional news
  • Sector news
  • Events Diary
  • Newsletters
  • Newsfeed
• Jobs
• Topics
  • BC: Facilities & Buildings
  • BC: General
  • BC: Markets & Companies
  • BC: Plan Development
  • BC: Software
  • BC: Statistics
  • BC: Testing & Exercising
  • Crisis Comms & Management
  • Critical Infrastructure Protection
  • Disaster Recovery
  • Emergency Management
  • Enterprise Risk Management
  • Operational Risk Management
  • Pandemic Planning
  • PS Prep
  • Standards
  • Terrorism
• Technology
  • Cloud Computing
  • Data Center / Centre Issues
  • ICT Continuity
  • Information Security
  • Recovery Facilities
• BC Store
• Journal
  • About the BC & Resiliency Journal
  • Latest papers
  • Subscribe
• Resources
  • Webinars
  • BC software directory
  • Newsfeed
  • Twitter
  • Advanced BC information
  • Advanced ICT information
  • Basic BC information
  • Basic ICT information
  • How to advertise
  • About us
  • Contact us
  • Privacy
• Training

Sign up for Continuity Briefing
Never miss a news story: signup for our free weekly email newsletter.

REGIONAL PORTALS
Continuity Central currently offers three regional business continuity portals:
North America
United Kingdom
Asia Pacific / Australasia

Use Google? Click the button to add Continuity Central news to your Google home page.
Get immediate news and information updates via our Twitter feed.

September 11, 2001: A decade on, what business continuity and information security lessons have been learned?

By Thomas Virgona, Ph.D

ABSTRACT: This paper describes research which investigated the impacts of September 11, 2001, on information security and looks at how effective disaster recovery and business continuity prepared to protect information systems were. Despite it being almost a decade since the events reviewed in this paper occurred, many of the lessons are not only current, but have not yet been effectively explored or considered.

The research examined the impact on information systems security on the disaster recovery effort associated with September 11, 2001. Specific areas considered included:

• What happened to the systems that day and how did information systems technologists
react?
• What changes to the SDLC (specifically humans’ role in disaster recovery design planning) have been implemented since September 11, 2001?
• What lessons were learned?

The expected outcome of the research will be a better understanding of issues facing information security during major disasters.

Specific findings included:

• One of the major shortcomings in the disaster recovery or continuity of business design was the reliance on humans to ensure that company’s information infrastructure was restored to an operational status.

• Organizations often create elaborate emergency operations plans, but they fail to develop the capability to implement these plans. Disaster plans are important, but they are not enough by themselves to assure preparedness. They can be an illusion of preparedness.

• Informally developed teams are more effective than formal teams.

• Information policies can’t be stopped during a crisis, but they need to be relaxed. Due to the human elements and personal relationships, firms need to realize that information system will be changes in an un‐controlled manner during a disaster. How these changes conflict with existing information security and change control policies presents an issue for firms.

Read the paper as a PDF

This paper was first published in Continuity Central’s sister publication, the Business Continuity Journal.

•Date: 9th Sept 2011 • Region: US •Type: Article • Topic: Terrorism

Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.